Posts

Linux isolates containers using kernel namespaces. Sometimes you need the opposite: two containers that can see each other’s processes or share memory. The pid and ipc directives give you that escape hatch. Sharing a PID namespace pid: service:<name> lets a container see and act on processes inside another service: services: app: image: myapp debugger: image: alpine pid: service:app cap_add: - SYS_PTRACE command: sleep infinity The debugger container’s ps, strace, and /proc all reflect app’s processes. Combined with cap_add: SYS_PTRACE, you can attach strace or gdb to a running production-style container without baking debug tools into its image. ...

docker compose up --wait (Tip #51) waits for services to become healthy. docker compose wait does something different: it waits for services to exit, and returns their exit code. Basic usage docker compose wait <service> The command blocks until the specified service stops, then prints the exit code. If you echo $? after, it’s the same value. This is perfect for one-shot services: migrations, batch jobs, test runners, anything that runs and exits. ...

By default, Compose pulls an image when it’s missing locally and uses the cached one otherwise. pull_policy lets you change that behavior per service. The policies services: web: image: nginx pull_policy: always Available values: missing (default when no build: is defined): pull only if the image is not present locally. Alias: if_not_present. Note: the latest tag is always pulled even with this policy. always: pull on every up, even if the local image is recent never: don’t pull, fail if the image is missing build: build the image, rebuilds even if it’s already present locally daily: check the registry if the last pull was more than 24 hours ago weekly: check the registry if the last pull was more than 7 days ago every_<duration>: check the registry if the last pull was older than the given duration. Units: w, d, h, m, s (or any combination, e.g. every_12h, every_30m, every_1d12h) When to use each always for development against a fast-moving tag: ...

Compose volumes default to local disk on the host running the container. When you need storage shared across hosts, a volume driver does the job. The built-in local driver already supports NFS through its options. Basic NFS mount Declare a volume that points to an NFS export: volumes: shared: driver: local driver_opts: type: nfs o: "addr=nfs-server.example.com,rw,nfsvers=4" device: ":/exports/shared" services: app: image: myapp volumes: - shared:/data The app service mounts /exports/shared from the NFS server at /data inside the container. Multiple containers (or even multiple Compose stacks on different hosts) can mount the same volume to share data. ...

By default, containers inherit DNS configuration from the Docker daemon. When you need to override that, three directives give you full control: dns:, dns_search:, and dns_opt:. Setting custom DNS servers dns: overrides which resolvers the container queries: services: app: image: myapp dns: - 1.1.1.1 - 8.8.8.8 The container now uses Cloudflare and Google DNS instead of whatever the host provides. Useful when: The host DNS is slow or unreliable for your use case You need a specific public DNS for content filtering (Pi-hole, NextDNS) A development environment must reach internal services through a corporate DNS server Search domains dns_search: adds search domains so short names resolve against them: ...